Alright, Security friends – it’s that time of year again when we dust off the walking shoes, swap our work lanyards for a party pass or two, and get our arms ready for hauling the best of the best swag back home for our coworkers and kids to fight over… it’s almost RSA Conference time!
With the abundance of great sessions, how do you choose what to check out? We’ve asked some of our RSA attendees to recommend some sessions that caught their eye. Here’s what they’re looking forward to.
Candidly, it was always difficult to attend sessions as RSA’s CISO. I had to be very thoughtful about which sessions I could attend amid other corporate and customer responsibilities. I’d distill the topics of most importance to my internal cyber program initiatives for the year. Then, I’d plan my agenda around those themes from strategic to tactical and choose compelling speakers with interesting backgrounds in a variety of formats. I love the “reserve a seat” ability added a year or so ago for those must-see sessions.
INSIDER TIP - I’d also recommend that keynotes are better viewed streaming from the confines of one’s hotel room, unless you like large throngs of people. With all that in mind, here are some of my top sessions to attend this year.
Keith Alexander, former NSA director, and Nadav Zafrir, former commander of Israel’s 8200 Intelligence Unit - very compelling to learn what keeps them up at night, and what they are hopeful about in the world of cyber.
Security Orchestration and Incident Response - It is not if but when you have an incident. Orchestration and response are key tenets of cyber resilience.
In this hyper-connected world, organizations are more at risk than ever, having to now focus on new areas that they never asked for. Bruce Schneier will explore how to achieve cyber-resilience in an uncertain world of security attacks. Security teams need an orchestrated approach, integrating both human expertise and big-data/machine-learning capabilities, to achieve resilient security.
Creating Order from Chaos: Metrics That Matter - This is a real challenge for every CISO – what to report to the CIO and Board.
Decision-makers need reliable data to understand risk and determine the value of investments. With the amount of data available in a multinational company, one would assume that answers would be easy to find. But how does one identify which data is reliable and make it meaningful? This talk will provide best practices and lessons learned on how ADP built an effective security metrics program.
Cybersecurity Impact on Mental Health: Managing Stress, Building Resilience - I’ve lived this stress and continue to hear over and over again how large a role the human factor plays in the work we as cyber practitioners do.
The human factor of mental health plays a vital role in how individuals and organizations respond to threats and manage in a constantly changing environment. This session will foster a conversation about the psychological and psychiatric impact elements in cybersecurity. Participants will learn methods on how to manage stress, prevent burnout and create a foundation for resilient human networks.
Within 10 Years, Autonomous Vehicles Will Change Every CISO’s Job - I need to keep ahead of the trends, and I have kids who will be driving soon!
A few key topics captured my attention this year: Spectre and the process to disclose such vulnerabilities, the challenges of being a threat researcher, and detection and incident response in the world of cloud-based applications and services.
The recently-disclosed Spectre vulnerability broadly affects modern high-speed microprocessors. Paul Kocher, who co-discovered and named the attack, will explore how Spectre works, its short- and long-term security implications, the trade-offs and limitations of available mitigation options, and lessons learned from its discovery and embargo process.
Threat researchers can find themselves in dicey situations they are unprepared for. This talk will discuss actual ethical and legal dilemmas of threat researchers, including consorting with and deceiving criminals, groping through stolen personal data, turning a blind eye to criminal activity, wandering into compromised systems, and the ultimate worst case: being corrupted and arrested by the FBI.
We’ve got more assets in the cloud than ever. Unfortunately, we also have less visibility and control in these environments. Implementing detection and response controls that leverage cloud provider tools and controls, as well as automation strategies and processes, is critical for effective incident detection and response in hybrid cloud environments. This session will get you started!
GDPR has ramifications for many businesses within Australia and falls on the heels of the newly-introduced NDB legislation. These two talks cover key areas of interest for me: the security aspects of GDPR and the challenges and solutions as GDPR becomes a requirement.
I’m also looking forward to some insights into the real-life issues faced by CISOs in a real-world large organisation.
Hopefully, you've heard by now: The GDPR is the biggest piece of privacy legislation the world has seen in decades. Due to its broad territorial scope, anyone doing business with Europeans must abide by its mandates and understand its compliance obligations. That means security, too. It may be a "data protection" law, and the focus of many privacy professionals, but the law mentions "security" 53 times over the course of 100 pages. Not only does the GDPR introduce for the first time an EU-wide concept of "appropriate security," but it also brings data breach notification continent-wide. Will you be ready to notify authorities within 72 hours of discovering a breach? In this half-day workshop, the IAPP brings you the sharpest minds to not simply explain what the law says, but to help you understand how to operationalize it.
Designed to provide comprehensive privacy and security protection, the General Data Protection Regulation (GDPR) has been called the Sarbanes-Oxley of the modern era. This session will illustrate the top 10 challenges posed by the GDPR for security professionals and offer concise, actionable advice that can be applied immediately to meet the May 25, 2018, deadline.
This talk will explain the real-life issues facing the CISO of a large organization with IT and OT cybersecurity issues. Specifically, the OT cybersecurity realities will be reviewed and how resources are prioritized between IT and OT.
Cybercrime is no longer after small online platforms; giant platforms are being targeted to serve malicious content to millions, increasing profits for cybercriminals. In 2017 Check Point’s research team revealed security flaws on some giant platforms such as WhatsApp, Facebook, Win10, media streamers, LG Smart Home and Android dev platforms. This session will share and demo the hacking techniques used.
We hope you get a chance to attend some of these great sessions, and if you do, swing by 909 and let us know.